package org.springframework.cloud.dataflow.server.config.cloudfoundry.security.support;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.common.security.core.support.OAuth2TokenUtilsService;
import org.springframework.cloud.dataflow.server.config.cloudfoundry.security.support.CloudFoundryAuthorizationException;
import org.springframework.http.HttpStatus;
import org.springframework.http.RequestEntity;
import org.springframework.util.Assert;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/springframework/cloud/dataflow/server/config/cloudfoundry/security/support/CloudFoundrySecurityService.class */
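/**
 * Determines the access level of an OAuth2 access token for a Cloud Foundry application by
 * querying the Cloud Controller permissions endpoint
 * ({@code <cloudControllerUrl>/v2/apps/<applicationId>/permissions}).
 *
 * <p>All collaborators and settings are assigned once in the constructor and never reassigned.
 */
public class CloudFoundrySecurityService {
    private static final Logger logger = LoggerFactory.getLogger(CloudFoundrySecurityService.class);
    private final OAuth2TokenUtilsService oauth2TokenUtilsService;
    private final RestTemplate restTemplate;
    private final String cloudControllerUrl;
    private final String applicationId;

    /**
     * Creates the service.
     *
     * @param oAuth2TokenUtilsService source of the authenticated user's access token; must not be null
     * @param restTemplate client used to call the Cloud Controller; must not be null
     * @param str base URL of the Cloud Controller; must not be null
     * @param str2 id of the application whose permissions are checked; must not be null
     * @throws IllegalArgumentException if any argument is null
     */
    public CloudFoundrySecurityService(OAuth2TokenUtilsService oAuth2TokenUtilsService, RestTemplate restTemplate, String str, String str2) {
        Assert.notNull(oAuth2TokenUtilsService, "oauth2TokenUtilsService must not be null.");
        Assert.notNull(restTemplate, "restTemplate must not be null.");
        Assert.notNull(str, "CloudControllerUrl must not be null.");
        Assert.notNull(str2, "ApplicationId must not be null.");
        this.oauth2TokenUtilsService = oAuth2TokenUtilsService;
        this.cloudControllerUrl = str;
        this.applicationId = str2;
        this.restTemplate = restTemplate;
    }

    /**
     * Checks whether the currently authenticated user has {@link AccessLevel#FULL} access to the
     * configured application.
     *
     * @return {@code true} only when the access level is {@link AccessLevel#FULL}
     * @throws IllegalArgumentException if no access token text is available for the user
     */
    public boolean isSpaceDeveloper() {
        return isSpaceDeveloper(this.oauth2TokenUtilsService.getAccessTokenOfAuthenticatedUser());
    }

    /**
     * Checks whether the given access token has {@link AccessLevel#FULL} access to the
     * configured application.
     *
     * @param str the OAuth2 access token; must contain text
     * @return {@code true} only when the access level is {@link AccessLevel#FULL}
     * @throws IllegalArgumentException if the token is null or blank
     */
    public boolean isSpaceDeveloper(String str) {
        Assert.hasText(str, "The accessToken must not be null or empty.");
        return AccessLevel.FULL.equals(getAccessLevel(str, this.applicationId));
    }

    /**
     * Asks the Cloud Controller which access level the token has on the given application.
     *
     * @param str the OAuth2 access token, sent as a bearer credential
     * @param str2 id of the application to check
     * @return {@link AccessLevel#FULL} when the response reports {@code read_sensitive_data} as
     *         boolean {@code true}; {@link AccessLevel#RESTRICTED} for any other value;
     *         {@link AccessLevel#NONE} on HTTP 403 or when the response carries no body
     * @throws CloudFoundryAuthorizationException with reason {@code INVALID_TOKEN} on any other
     *         4xx response, or {@code SERVICE_UNAVAILABLE} on a 5xx response
     */
    public AccessLevel getAccessLevel(String str, String str2) throws CloudFoundryAuthorizationException {
        try {
            URI permissionsUri = getPermissionsUri(str2);
            // Only the URI is logged; the bearer token must never reach the log.
            logger.info("Using PermissionsUri: {}", permissionsUri);
            RequestEntity<Void> request = RequestEntity.get(permissionsUri)
                    .header("Authorization", "bearer " + str)
                    .build();
            Map<?, ?> body = this.restTemplate.exchange(request, Map.class).getBody();
            if (body == null) {
                // Fail closed: a success response without a body proves no permission at all.
                return AccessLevel.NONE;
            }
            // Strict Boolean comparison: a missing key or a non-boolean value never grants FULL.
            return Boolean.TRUE.equals(body.get("read_sensitive_data")) ? AccessLevel.FULL : AccessLevel.RESTRICTED;
        } catch (HttpClientErrorException e) {
            if (HttpStatus.FORBIDDEN.equals(e.getStatusCode())) {
                return AccessLevel.NONE;
            }
            // Every other 4xx (not just 401) is reported as an invalid token.
            throw new CloudFoundryAuthorizationException(CloudFoundryAuthorizationException.Reason.INVALID_TOKEN, "Invalid token", e);
        } catch (HttpServerErrorException e2) {
            // Keep the cause so the upstream status and message stay available for diagnosis.
            throw new CloudFoundryAuthorizationException(CloudFoundryAuthorizationException.Reason.SERVICE_UNAVAILABLE, "Cloud controller not reachable", e2);
        }
    }

    /**
     * Builds the permissions endpoint URI for an application.
     *
     * @param str id of the application
     * @return the URI {@code <cloudControllerUrl>/v2/apps/<str>/permissions}
     * @throws IllegalStateException if the concatenated string is not a valid URI
     */
    private URI getPermissionsUri(String str) {
        try {
            // NOTE(review): the id is concatenated without encoding or validation, so path
            // separators or query characters in it would change the endpoint that receives the
            // bearer token. Callers of getAccessLevel should pass only a trusted application id.
            return new URI(this.cloudControllerUrl + "/v2/apps/" + str + "/permissions");
        } catch (URISyntaxException e) {
            throw new IllegalStateException(e);
        }
    }
}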
